[jira] [Assigned] (HBASE-21163) Support backup-and-restore operations without Hbase Super user privilege

Thu, 06 Sep 2018 11:17:08 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-21163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vladimir Rodionov reassigned HBASE-21163:
-----------------------------------------

      Assignee: Vladimir Rodionov
      Priority: Major  (was: Minor)
    Issue Type: Improvement  (was: Brainstorming)
       Summary: Support backup-and-restore operations without Hbase Super user 
privilege  (was: Review into ability to run backup-and-restore utility without 
Hbase Super user privilege)

> Support backup-and-restore operations without Hbase Super user privilege
> ------------------------------------------------------------------------
>
>                 Key: HBASE-21163
>                 URL: https://issues.apache.org/jira/browse/HBASE-21163
>             Project: HBase
>          Issue Type: Improvement
>          Components: hbase-operator-tools
>            Reporter: sujit p
>            Assignee: Vladimir Rodionov
>            Priority: Major
>
> Hello Team,
> I am opening this Apache Jira to request for an analysis on considering 
> following problem statement:
> Currently backup-and-restore utility is designed to work with "hbase" 
> superuser privileges.
> I see at-least couple concerns on that, may be more, will add more later on:
>  * For smaller organizations with less than 20 hbase tables or couple of 
> clusters, it is manageable, hbase admins. However, for larger organizations 
> or larger clusters, that would need providing hbase super user access to many 
> people to manage such operations which can be a security risk on source 
> cluster.
>  * In certain scenarios, it may be typical to have one DR Cluster in remote 
> data center to store backup tables, and having super privileges for all 
> tables in remote cluster is another risk for same reasons above.
> I suggest to review into making backup and restore without hbase super 
> privileges .
> Tenants or application admins may have certainly have admin access to 
> relevant tables/namespaces/snapshots.
> Here is an example on what I am proposing from RDBMS : 
> [https://docs.oracle.com/cd/E16926_01/doc.121/e16564/configure_users_classes.htm#OBADM144]
> Thanks
>  
> PS: Forgive me if I hadn't opened my second apache Jira correct way, happy to 
> correct it.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to